I am really glad to present something new.
Well, the first of its kind in India: BUGBOUNTY.IN
About Me
Nitish Mehta (a hacker, developer, innovator and entrepreneur)
I believe that if we work on something that we love, then we will surely be successful doing it. I love many things, as mentioned above (hacker, developer, innovator and entrepreneur), and was trying to find a way to do all of this at one time, in one place.
You can check out my profile at https://www.nitishmehta.in/
Before explaining what bugbounty.in is, let me explain a few keywords.
What is a Bug?
A software bug is an error, flaw, failure, or fault in a computer program or system that produces an incorrect or unexpected result, or causes it to behave in unintended ways. Similarly, a security bug is one that benefits someone other than the intended beneficiaries in the intended ways.
In simple terms, security bugs are the reason for something getting hacked.
What is a Bounty?
An amount of money or other reward offered by an organization for the capture of a person or thing.
Similarly, in a security bug bounty system, anyone who reports a valid critical security bug receives a cash reward ($) for each report, or some goodies, as per pre-decided rewards.
Some of the successfully running private bug bounties are:
Facebook – https://www.facebook.com/whitehat/bounty/
Mozilla – https://www.mozilla.org/security/bug-bounty.html
Paypal – https://www.paypal.com/us/webapps/mpp/security/reporting-security-issues
Google – https://www.google.com/about/company/rewardprogram.html
What is Crowd Sourcing?
The practice of obtaining needed services, ideas, or content by soliciting contributions from a large group of people, and especially from an online community, rather than from traditional employees or suppliers.
Successfully Running Crowd Sourcing Portal
What is bugbounty.in?
- It is a portal for penetration testers, who can participate in different bug bounties and win goodies, cash prizes and much more.
- A company can put up its bounties using our portal to have a secure and standard bounty program, so no malicious hacker can harm your website.
- We will collect all security flaws reported to us by our penetration testers and format them into a perfect report for managers, techies and staff, with further guidance to solve the bugs.
- We will elect the bounty winner with reference to a points system and announce the winner with the prize.
Currently we are under construction and hoping to start this program before the end of this year!
We would love to host bounty programs for some Rodinhoods at minimal cost, and for social ventures for free.
We have started registrations for both companies interested in organizing a bug bounty and penetration testers.
Please check the landing page and the other links that can make us social with you:
https://www.facebook.com/bugbounty.in
https://twitter.com/bugbounty_in
https://plus.google.com/u/0/110813575863090917102
https://www.linkedin.com/company/illuminaitive-works/
https://delicious.com/bugbounty_in
Please provide me with your valuable feedback and comments.
(Please don’t be a grammar NAZI and excuse my English 😉 )
Saraswathi Pulluru
Hi, if I understand correctly – you help companies detect their security flaws? Let’s say I am a crowd sourced tester and I discover a security flaw at xyz.com. Meanwhile the company gets their report and fixes it – I can still do something malicious, right? Sorry if my question is too lame, just a thought that occurred to me.
Nitish Mehta
No..!! The reasons are as below:
1. You have an NDA clause with every tester.
2. Code will be tested on our site, which won't reveal your identity, so you guys are safe.
3. (Logical one) If anyone wants to do something malicious, then why will he/she report to you?
Saraswathi Pulluru
Ok, bought all your reasons 🙂 For the 3rd point – what if someone goes ahead and does something malicious, instead of reporting to you? Agreed that you have an NDA with every tester, but just voicing my suspicion.
The overall idea is quite appealing: just wondering why you launched a .in (India-specific) service. I am sure the whole world will embrace security-related startups with open arms.
Thanks.
Nitish Mehta
See, you are forgetting 2 points here:
1. We will be continuously watching the action during bounty time; we will make sure no one goes beyond a certain point.
2. There will be more than 100's of ethical hackers trying to win the BOUNTY, so it can be reported by someone else.
And regarding the question about .in: yes, the domain is .in, but we will be working for anyone around the world and will have ethical hackers around the world. My target is to register at least 3000 before launch.
The bounty prize will be in USD only, and also our charges.!
Nitish Mehta
Microsoft Windows 8.1 bug bounty: https://www.theverge.com/2013/6/19/4445546/microsoft-offers-windows-8-1-bug-bounty-100k-rewards 100k USD for finding one critical bug…
Kunal Shah
Hey Nitish,
At first look your idea is really nice and appealing.
Correct me if I am wrong here: you will be working in a way similar to a deal aggregator (e.g. http://www.couponduniya.com) for bugs, where all companies can post their sites and ask testers to locate bugs.
Those who locate the most bugs in accordance with the points system will be winning.
Now I have the following questions:
1. Can you explain your points system a bit more?
2. How do you deal with a case where say 2 or more testers have found the same bugs?
All in all, loved the idea!!
Wish you all the best for it
Kunal
Nitish Mehta
The points will be allocated according to the scope of the vulnerability, response time (i.e. the 1st person to report correctly will get extra points), and an explanation with a solution will get extra points.
More points = more bounty.
I am currently making an algorithm for this where we can find who has performed better, which will be reflected in their profile and can be useful for private bounties.
If 2 or more testers have found a vul. and are also able to explain the reason with a solution, then the prize will be split n ways.
And thank you for your wishes..!!